Posts

Hack Padding Oracle

This VM, provided by PentesterLab, has a website vulnerable to a padding oracle attack. Our goal is to exploit this vulnerability and log in as user and admin. Step 1: Now a look at the website. The website says that we should create an account first. This is because the key only appears when you are logged in. Step 2: Using Burp Suite, we can intercept the server's response and see what it looks like. Step 3: Now we have the auth key: EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE Step 4: Kali has a PadBuster tool. ...

Mobile ASVS 0.9.1

The Mobile Application Security Verification Standard is a list of security requirements for mobile applications that can be used by architects, developers, testers, security professionals, and consumers to define what a secure mobile application is. Download: https://goo.gl/z1UYxG

File Upload Vulnerability Bug in Bitdefender

Hey all, a few months back I found an upload vulnerability bug in Bitdefender. Let's get into the finding. While I was testing "bitdefender.com", there was one URL with this pattern. Step 1: Tested for "SQL" injection: https://store.bitdefender.com/order/?='%3 ; there was some syntax error. Step 2: Tested for "LFI": https://store.bitdefender.com/order/?=cat /etc/passwd ; there was some syntax error. Step 3: I tested more injections; there was some 404 error. OK, that's cool :) Step 10: Tested for "XSS": https://store.bitdefender.com/order/?=%3Csvg/onload=alert(1)%3E The above URL showing ...